#!/bin/bash
echo "ThreadFix VM config script v1"

if [ "$(whoami)" != "tfuser" ];
then
    echo "This script must be run as user 'tfuser'"
    echo "Please log back in as tfuser and run this script again."
    exit 1;
fi

# DELETE vagrant user
if [ "`ls -a | grep .del_vagrant`" = "" ];
then
    echo "Deleting vagrant user"
    sudo deluser vagrant
    sudo chown -R tfuser /home/vagrant/
    sudo touch .del_vagrant
fi

# DELETE anonymous MySQL user
if [ "`ls -a | grep .mysql_anon`" = "" ];
then
    echo "Deleting anonymous MySQL user"
    sudo echo "delete from mysql.user where user = ''; FLUSH PRIVILEGES;" | /usr/bin/mysql -u threadfix -ptfpassword
    sudo touch .mysql_anon
fi

if [ "` ls -a | grep .mysql_pass`" = "" ];
then
  echo "Changing ThreadFix MySQL password"
  sudo service tomcat7 stop
  
  while true ;
  do

    echo -e "Please enter your desired MySQL password: "
    read -s pass1

    echo -e "Please verify your password: "
    read -s pass2

    if [ "$pass1" = "$pass2" ];
    then
        LENGTH="${#pass1}"
        if [ $LENGTH -gt 11 ];
        then
            mysqladmin -u threadfix -p'tfpassword' password $pass1
            sudo touch .mysql_pass
            TF="/var/lib/tomcat7/webapps/threadfix/WEB-INF/classes/"
            sudo cp $TF/jdbc.properties $TF/jdbc.properties.bak
            sudo sed -i "s/tfpassword/$pass1/g" $TF/jdbc.properties
            break
        else
            echo -e "The password needs to be at least 12 characters in length."
        fi
    else
        echo -e "Passwords did not match.\n"
    fi
  done

  sudo service tomcat7 start

fi

if [ "` ls -a | grep .tfuser_pass`" = "" ];
then
  echo "Changing tfuser password"
  while true ;
  do

    echo -e "Please enter the new tfuser password: "
    read -s pass1

    echo -e "Please verify the new tfuser password: "
    read -s pass2

    if [ "$pass1" = "$pass2" ];
    then
        LENGTH="${#pass1}"
        if [ $LENGTH -gt 11 ];
        then
            sudo echo -e "tfuser:$pass1" | sudo chpasswd
            sudo touch .tfuser_pass
            break
        else
            echo -e "The password needs to be at least 12 characters in length."
        fi
    else
        echo -e "Passwords did not match.\n"
    fi
  done
fi

if [ "` ls -a | grep .esapi_key`" = "" ];
then
    echo "Changing ESAPI master key"

    sudo unzip -n -qq /var/lib/tomcat7/webapps/threadfix/WEB-INF/lib/esapi-2.0.2-SNAPSHOT.jar -d /home/vagrant
    sudo unzip -n -qq /var/lib/tomcat7/webapps/threadfix/WEB-INF/lib/log4j-1.2.16.jar -d /home/vagrant

    sudo cp /var/lib/tomcat7/webapps/threadfix/WEB-INF/classes/ESAPI.properties /home/vagrant/ESAPI.properties

    sudo touch encrypt.sh && sudo chown tfuser encrypt.sh

    sudo echo "java org.owasp.esapi.reference.crypto.JavaEncryptor" > encrypt.sh

    NEWKEY="`bash encrypt.sh | grep Encryptor.MasterKey`"
    NEWSALT="`bash encrypt.sh | grep Encryptor.MasterSalt`"
    OLDKEY="`cat ESAPI.properties | grep Encryptor.MasterKey`"
    OLDSALT="`cat ESAPI.properties | grep Encryptor.MasterSalt`"

    NEWKEY2=$(printf "%s\n" "$NEWKEY" | sed 's/[][\.*^$/]/\\&/g')
    NEWSALT2=$(printf "%s\n" "$NEWSALT" | sed 's/[][\.*^$/]/\\&/g')
    OLDKEY2=$(printf "%s\n" "$OLDKEY" | sed 's/[][\.*^$/]/\\&/g')
    OLDSALT2=$(printf "%s\n" "$OLDSALT" | sed 's/[][\.*^$/]/\\&/g')

    sudo cp /home/vagrant/ESAPI.properties /home/vagrant/ESAPI.properties.new

    sudo sed -i "s/$OLDSALT2/$NEWSALT2/g" /home/vagrant/ESAPI.properties.new
    sudo sed -i "s/$OLDKEY2/$NEWKEY2/g" /home/vagrant/ESAPI.properties.new

    sudo cp /home/vagrant/ESAPI.properties.new /var/lib/tomcat7/webapps/threadfix/WEB-INF/classes/ESAPI.properties

    sudo rm -r org

    sudo touch .esapi_key
fi


echo "Also be sure to log in to ThreadFix and configure your users "
echo "as per the instructions at this address:"
echo ""
echo "http://code.google.com/p/threadfix/wiki/GettingStarted#Create_a_new_User"
echo ""
